Where is performance & strategy in GRC?
Most GRC software as well as GRC implementations are more like RC (without the G). Or just R or just C. Or perhaps Rc or rC. . .
My position for this discussion – we cannot adequately state we are doing the G in GRC unless we are also taking into account business objectives, strategy, and performance. That is what corporate governance is about. Staying within boundaries for compliance, and managing risk plays into this. But the GRC solutions and initiatives do not really do the G.
Thoughts?